use gri_secmgr qw(get_user_name get_cookie_value valid_user_access);

sub mm_validate_access {
my $role=shift;
my $portal=shift; # if defined then allow if one of owners of this portal

	$::ACCESS_BY=undef;
	my $user_name=get_user_name();
	if(!defined($user_name)) {
		print html_error("Not logged in - this page is not available.",1);
		exit;
	}
	# If portal is defined check if I am an owner and if
	# so and this is portal_admin role then allow.
	if($role eq "portal_admin" && defined($portal)) {
		my $pname=hex_to_string($portal);
		my $dd=$::GRI_FRONTEND->get_portal_details($pname);
		if(defined($dd->{error})) {
			print html_error($dd->{error});
			exit;
		}
		if(@{$dd->{owners}} && grep {$_ eq $user_name} @{$dd->{owners}}) {
			print STDERR "Allow - user in owners for portal.\n";
			$::ACCESS_BY=["Portal owner",$user_name];
			return "";	# Access allowed continue on page
		}
	}
	my ($rc,$err);
	($rc,$err)=$::GRI_FRONTEND->does_user_have_role($user_name,$role);
	if($rc==0) {
		load_macro("mm_header");
		my $n2=string_to_hex($user_name);
		my $r2=string_to_hex($role);
		my $l=link_to_str("stdlink","Role Access","role_access","role=$r2,user=$n2");
		my $s="<h2>Security Error</h2>\n";
		$s.="<font class=stdtext>You have not been granted access to this page or to perform this action. Please click following link to request access:    $l\n</font>";
		print mm_header();
		print $s;
		exit;
	}
	if(defined($err)) {
		load_macro("mm_header");
		print mm_header();
		print html_error("Error occured when checking access:<br>$err",0);
		exit;
	}
	print STDERR "Fine - you apparently have the role $role.\n";
	return "";	# Access allowed continue on page
}

1;

# vim: ts=4:sw=4:syntax=perl
